Higher-order modules and the phase distinction
POPL '90 Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A framework for defining logics
Journal of the ACM (JACM)
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Certificate chain discovery in SPKI?SDSI
Journal of Computer Security
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Symmetric Modal Lambda Calculus for Distributed Computing
LICS '04 Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science
Permission-based ownership: encapsulating state in higher-order typed languages
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Non-Interference in Constructive Authorization Logic
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Access control in a core calculus of dependency
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
A Type Discipline for Authorization in Distributed Systems
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Mechanizing metatheory in a logical framework
Journal of Functional Programming
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Modal types for mobile code
Type-safe distributed programming with ML5
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
PCAL: language support for proof-carrying authorization systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Privacy-aware proof-carrying authorization
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Proof-Carrying code in a session-typed process calculus
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Stateful authorization logic --Proof theory and a case study
Journal of Computer Security - STM'10
| Hi-index | 0.00 |
We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include web-based systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentralized (each site may impose restrictions on access to its resources without the knowledge of or cooperation with other sites) and spatially distributed each site may store its policies locally). To enforce such policies PCML5 employs a distributed proof-carrying authorization framework in which sensitive resources are governed by reference monitors that authenticate principals and demand logical proofs of compliance with site-specific access control policies. The language provides primitive operations for authentication, and acquisition of proofs from local policies. The type system of PCML5 enforces locality restrictions on resources, ensuring that they can only be accessed from the site at which they reside, and enforces the authentication and authorization obligations required to comply with local access control policies. This ensures that a well-typed PCML5 program cannot incur a runtime access control violation at a reference monitor for a controlled resource.